Specifications include, but are not limited to: o IT Infrastructure Assessment Assess core infrastructure, critical systems, and the IT department against technology and industry best practices: • IT Infrastructure assessment o Evaluate network, servers, and endpoints. o Review hardware configurations. o Evaluate the overall network design, including VLANs, etc. o Review software applications, cloud, enterprise, desktop, and mobile infrastructure. • IT Security assessment o Assess the security posture of technical infrastructure against security best practices. o Includes server environment, network, computers, and mobile devices. • Business Continuity assessment o Assess the current state of organization’s current business continuity and disaster recovery solutions. o IT Policies, Procedures and Operations Review current policies and procedures in place for daily operations. Identify strategic planning for IT work, systems, and services. Identify procedures related to emergencies, backups, overall resilience. Indicate employee access to, awareness and practice of these procedures. o IT Department & Budget Assessment Assess current staffing and structure for IT management, systems administration, IT processes, and user support against IT industry staffing and management best practices. Review IT budget against industry standards for hardware and software licensing, as well as for improving operational and capital expenditure efficiency. Provide recommendation of effective organizational structure with position titles and brief description of assigned work. Provide recommendations on professional development needs along with estimated cost. o Information Security Assessment Assess key components of a successful information security program, along with a summary of the components in place within the District. This assessment will document areas of information security that are sufficient and working well, along with areas of opportunity, or areas that should be built out to further strengthen the program and reduce risk. Identify cybersecurity framework to be used for assessment. Deliver scoring along with prioritization of work to improve cybersecurity posture.
